来自 REST API 调用的错误消息未显示在 B2C 自定义策略中

Question

我的自定义策略中有一个自我断言的技术配置文件，它有一个验证技术配置文件，它是一个 REST API（天蓝色函数）调用。 I'm not directly calling the azure function from policy, from policy will call azure APIM and APIM will pass the request to azure function.

我面临的问题是，当我的 function 返回自定义错误消息时，它未按策略中的预期显示。

return new OkObjectResult(new ResponseContentModel
      {
       userMessage = "Sorry, Please provide valid information ",
       status = 409,
       retryCounter = data.RetryCounter
     });

我的技术简介如下：

<TechnicalProfile Id="Registration">
          <DisplayName>Email signup</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
            <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
            <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
            <Item Key="language.button_continue">Activate Account</Item>
            <!-- Sample: Remove sign-up email verification -->
            <Item Key="EnforceEmailVerification">False</Item>
            <Item Key="setting.retryLimit">5</Item>
          </Metadata>
          <InputClaimsTransformations>
            <!--Sample: Copy the email to ReadOnlyEamil claim type-->  
            <InputClaimsTransformation ReferenceId="CreateReadOnlyEmailAddress" />
          </InputClaimsTransformations>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" />
            <InputClaim ClaimTypeReferenceId="givenName" />
            <InputClaim ClaimTypeReferenceId="surname" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" DefaultValue="123" />
            <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="tncCheckbox" Required="true" />

            <OutputClaim ClaimTypeReferenceId="retryCounter" DefaultValue="0" />
            <OutputClaim ClaimTypeReferenceId="isFound" DefaultValue="false" />
            <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication"/>
            <OutputClaim ClaimTypeReferenceId="newUser" DefaultValue="true" />
          </OutputClaims>
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="API-Validate-UserInfo" />
            <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
          </ValidationTechnicalProfiles>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>

REST API验证技术简介如下：

<TechnicalProfile Id="API-Validate-UserInfo">
                <DisplayName>User OTP Notifications</DisplayName>    
                <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
                <Metadata>
                  <Item Key="ServiceUrl">https://myapimurl</Item>
                  <Item Key="SendClaimsIn">Body</Item>                        
                  <Item Key="AuthenticationType">ClientCertificate</Item>
                </Metadata>
                <CryptographicKeys>
                    <Key Id="ClientCertificate" StorageReferenceId="B2C_1A_APIMClientCertificate" />
                </CryptographicKeys>
                <InputClaims>
                    <InputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="GivenName" />
                    <InputClaim ClaimTypeReferenceId="surname" PartnerClaimType="SurName"/>
                    <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="Email"/>
                    <InputClaim ClaimTypeReferenceId="retryCounter" PartnerClaimType="RetryCounter"/>
                </InputClaims>
                <OutputClaims>
                  <OutputClaim ClaimTypeReferenceId="retryCounter" />
                  <OutputClaim ClaimTypeReferenceId="isFound" />
                </OutputClaims>
                <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
            </TechnicalProfile>

UI 中显示的错误消息是：

步骤“5”中指定的声明交换“API-Validate-UserInfo”返回 HTTP 错误响应，代码为“BadRequest”，原因为“Bad Request”。

关于 function，我使用的是.net 核心 3.1和 function 运行时版本是~3

Answer 1

发现这个问题提到了这篇文章。 需要在响应消息中包含 version，status 和 userMessage 是错误响应消息的必填字段。

{
  version = "1.0.0",
  userMessage = "Sorry, Something happened unexpectedly. Please try after sometime.",
  status = 409,
 }

Answer 2

在本文档之后，这是所需的错误结构：

返回验证错误消息

此外，请确保响应应具有与内容错误代码对应的 http 错误代码：

return StatusCode(409, new ResponseContent { userMessage = ex.Message });

其中 ResponseContent 具有以下结构：

        public class ResponseContent : IResult
    {
        public string version { get; set; }
        public int status { get; set; }
        public string code { get; set; }
        public string userMessage { get; set; }
        public string developerMessage { get; set; }
        public string requestId { get; set; }
        public string moreInfo { get; set; }

        public ResponseContent()
        {
            version = "1.0.0";
            status = 409;
            code = "API12345";
            requestId = "50f0bd91-2ff4-4b8f-828f-00f170519ddb";
            userMessage = "Message for the user";
            developerMessage = "Verbose description of problem and how to fix it.";
            moreInfo = "https://docs.microsoft.com/en-us/azure/active-directory-b2c/restful-technical-profile#returning-validation-error-message";
        }
    }